foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sshca: Add genkey.sh script

Browse source
This commit is contained in:
Timo Makinen 2024-12-16 23:10:14 +00:00
parent e630255364
commit 5f38645fee
2 changed files with 36 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
roles/sshca/files/genkey.sh Executable file
View file

@ -0,0 +1,28 @@
#!/bin/sh
set -eu
if [ $# -ne 1 ]; then
echo "Usage: $(basename "$0") <year>" 1>&2
exit
fi
cd /srv/sshca/ca
year="$1"
if [ "$year" -eq "$year" ] 2> /dev/null; then
if [ "$year" -lt "$(date +%Y)" ]; then
echo "ERROR: Invalid year \"${year}\", time in the past" 1>&2
exit 1
fi
else
echo "ERROR: Invalid year \"${year}\"" 1>&2
exit 1
fi
if [ -f "ca.${year}" ]; then
echo "ERROR: Key \"${year}\" already exists" 1>&2
exit 1
fi
ssh-keygen -t ed25519 -f "/srv/sshca/ca/ca.${year}" -C "foo.sh - SSH CA ${year}"

8
roles/sshca/tasks/main.yml
View file

@ -27,6 +27,14 @@
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
follow: false follow: false
- name: Copy key generation script
ansible.builtin.copy:
dest: /srv/sshca/ca/genkey.sh
src: genkey.sh
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
- name: Copy signing script - name: Copy signing script
ansible.builtin.copy: ansible.builtin.copy:
dest: /srv/sshca/signcert.sh dest: /srv/sshca/signcert.sh